With markets sinking in recent months, malware attacks have shifted and spiked in frequency, according to Spain-based PandaLabs. The “startling connection” the company said it found between markets and attacks reveals how tightly integrated cybercrime and the economy have become.
From September 8 to 10, a period of significant market decline, daily attacks jumped from 10,150 to more than 24,000, according to the firm. During another major decline, from September 14 to 16, daily attacks climbed from 8,276 to about 31,400.
The study shows how cybercriminals can quickly shift tactics, said PandaLabs.
Instability in the financial sector led to fewer attacks typically aimed at banks and more attacks normally aimed against a broader target range. Phishing e-mails, which steal passwords and other credentials, declined. But other attacks surged. An example was fake antivirus software aimed at fooling people into making online transactions. Such schemes are generating more than $18 million a month for the underground economy, said the security firm.
PandaLabs recommends that organizations take steps to protect themselves. But the report also lends credence to the view that cybercrime is constantly evolving and largely intractable. “There will be no end to the persistence and pervasiveness of cybercriminals and their attempts at exploiting malware for financial gain,” said Luis Corrons, PandaLabs technical director.
A number of experts have consistently stressed that fighting cybercrime will require tougher punishments. “Without penalties, bad people won’t stop doing bad things,” said noted IT security writer Bruce Schneier in a recent interview with Security Management. “Laws don’t make sense without penalties.” Schneier is also CTO of managed security services provider BT Counterpane, of Santa Clara, California.
In this vein, Mikko Hypponen, chief research officer at Finland-based F-Secure recently recommended the creation of an international cybercrime-fighting organization. It should be based on Interpol, the French-based global crime-fighting body. Local law enforcement agencies lack the resources to battle Internet crime, which “is almost always international,” he said. The organization should be specifically tasked with targeting and investigating the world’s biggest cyber criminals, he said.